In a conventional image content distribution system using the Internet, a user terminal generally acquires image content by accessing an image distribution server according to a metafile storing a Uniform Resource Locator (URL) of the image content sent from a distribution management server. At this time, the user terminal performs user authentication using a user ID and a password in order to acquire the metafile from the distribution management server. However, in the case of user authentication using the password, there is a danger that an unauthorized third party may tap the URL of the image content by unfairly acquiring the metafile containing the URL of image content.
An image content distribution system is thus required to prevent copyright infringement of image content, unauthorized watching of paid content, and tapping of personal information such as a user ID and a password or of a URL of image content.
Therefore, technologies for distributing image content to only a specific user using a one-time URL of the image content in order to solve the foregoing problems are disclosed in Japanese Laid-Open Patent Application No. 2004-310269 and Japanese Laid-Open Patent Application No. 2006-268141. In such a system using the one-time URL, when a distribution request for image content is received from a user terminal, a distribution management server describes a metafile containing a one-time URL according to a URL of image content specified by the user terminal and a newly-described password, and transmits the metafile to the user terminal. When the user terminal accesses an image distribution server according to the metafile, the image distribution server requests the distribution management server to confirm a password. In response to the password confirmation request from the image distribution server, the distribution management server confirms by searching whether or not the password exists in a password database of the distribution management server. If the password exists in the password database of the distribution management server, the distribution management server transmits confirmation information to the image distribution server, and at the same time, deletes the password from the password database. When the confirmation information is received from the distribution management server, the image distribution server transmits the image content to the user terminal.
In the case of image content distribution using session control in a bandwidth guaranteed network, when image content is to be watched, bandwidth guarantee by interposing a session control server between the user terminal and the image distribution server is required. Here, when the content of a session control message sent from the user terminal to the session control server is replicated by, for example, an unauthorized program, there is a danger that the user terminal may make an unauthorized bandwidth guarantee request to the session control server. This may case a problem in that network bandwidths are reduced so that the session control server and the image distribution server cannot accept content distribution requests from other users.
In addition, in a body of the session control message used in establishing a session between the user terminal and the image distribution server, media information of image content to be watched and transport information (including an IP address, a port number, etc.) of a transmitting/receiving period are described using a session identifier. Thus, the session control message is required to be encoded according to a tamper-proof technology to prevent the session control message from being altered or revealed. However, even if tamper-proof technology is used, when the content of the session identifier is altered before the session control message is encoded according to the tamper-proof technology in the user terminal, there is a danger of transmitting wrong media or transport information between the user terminal and the image distribution server or of causing an authorized operation such as the unauthorized bandwidth guarantee as described above. In addition, since the user terminal replicates or additionally writes media information or transport information on the body of the session control message when transmitting the session control message, conventional tamper-proof technology can hardly determine whether or not the content is altered. Furthermore, while systems disclosed in Japanese Laid-Open Patent Application Nos. 2004-310269 and 2006-268141 can prevent copyright infringement of image content or unauthorized watching of paid content, they can hardly defend against an unauthorized operation.